PTAB

IPR2019-00641

Trend Micro Inc v. Cupp Computing As

Log In
Key Events
Petition
petition

1. Case Identification

2. Patent Overview

  • Title: System and Method for Providing Network and Computer Firewall Protection with Dynamic Address Isolation to a Device
  • Brief Description: The ’079 patent discloses a firewall system intended to overcome perceived limitations in prior art. The system integrates Network Address Translation (NAT) functionality, which it terms "dynamic address isolation," with a software-based firewall on a single computing device to provide both network-level and application-level security.

3. Grounds for Unpatentability

Ground 1: Claim 1 is obvious under §103 over Sikdar in view of Applicant Admitted Prior Art (AAPA).

  • Prior Art Relied Upon: Sikdar (WO 2006/069041) and Applicant Admitted Prior Art (AAPA), which is derived from the ’079 patent’s own description of prior art systems.
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner argued that Sikdar disclosed a computer system (e.g., a laptop) with nearly all elements of claim 1. Sikdar’s "Reconfigurable Semantic Processor" (RSP) taught a processor, memory, a firewall with malicious content filtering (e.g., virus and Denial of Service protection), and an address translation engine performing NAT and Port Address Translation (PAT). Petitioner asserted that the only missing element was an explicit driver for forwarding packets, which was disclosed by the AAPA (from Figure 18 of the challenged patent) as a known architecture including an "intermediate driver" that directs network traffic to a software-based firewall.
    • Motivation to Combine: A POSITA would combine AAPA's standard driver architecture with Sikdar's advanced firewall system as a matter of common sense. To make Sikdar's NAT/PAT engine functional, packets must be routed to it, and using a driver as shown in AAPA was a well-known and straightforward implementation detail for achieving this routing.
    • Expectation of Success: The combination would yield predictable results because drivers were ubiquitous components for directing data traffic between software and hardware modules, making the integration into Sikdar's system straightforward and reliable.

Ground 2: Claim 7 is obvious under §103 over Sikdar in view of Fielding.

  • Prior Art Relied Upon: Sikdar (WO 2006/069041) and Fielding (RFC 2616).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner asserted that claim 7 adds the requirement for an outgoing data packet to include an "application identifier." While Sikdar taught the base system with a firewall and NAT, Fielding, which defines the HTTP/1.1 standard, taught the use of a "User-Agent" header field in HTTP requests. Petitioner contended this "User-Agent" string (e.g., "CERN-LineMode/2.15"), which identifies the client application, directly met the "application identifier" limitation.
    • Motivation to Combine: A POSITA would combine these teachings because Sikdar disclosed web browsing, which inherently uses the HTTP protocol. Fielding, as the governing standard for HTTP, recommended that user agents include the "User-Agent" field to allow servers to tailor responses. This was not a novel invention but standard, recommended practice for implementing the very functionality disclosed in Sikdar.
    • Expectation of Success: A POSITA would have a high expectation of success because including a "User-Agent" header was a standard feature of all mainstream web browsers at the time and was essential for proper interaction with many web servers.

Ground 3: Claim 7 is obvious under §103 over Sikdar in view of Wright.

  • Prior Art Relied Upon: Sikdar (WO 2006/069041) and Wright (Application # 2005/0055578).
  • Core Argument for this Ground:
    • Prior Art Mapping: As an alternative to Fielding for teaching the "application identifier" limitation, Petitioner pointed to Wright. Wright disclosed a mobile security system where application-layer data packets could contain an "application parameter," explicitly defined to include "an application identifier," for security policy enforcement.
    • Motivation to Combine: A POSITA would be motivated to add the explicit "application identifier" taught by Wright into the application-layer packets of Sikdar's security system. This combination represented the simple application of a known technique from Wright (using an application identifier for policy control) to a similar system (Sikdar's firewall) to improve its security functionality, which was a recognized goal in the art.
    • Expectation of Success: The combination was a predictable implementation of using an application identifier for its intended purpose within a compatible network security architecture, and thus would have been expected to succeed.
  • Additional Grounds: Petitioner asserted additional obviousness challenges, including reversing the primary and secondary references for claim 1 (AAPA in view of Sikdar) and challenging dependent claim 6 based on combinations of Sikdar, AAPA, and either Fielding or Wright, arguing these combinations taught sending application identifiers to a firewall configured for both network- and application-level security.

4. Key Technical Contentions

  • False Premise of the Patent: Petitioner's central argument was that the ’079 patent is built on a flawed premise that prior art firewalls were deficient in the ways claimed. Petitioner contended that prior art readily taught software-based firewalls with integrated NAT and both network- and application-level security, making the patent's purported contributions obvious modifications of existing technology.
  • Application Address as Identifier: Petitioner argued that an "application address," defined as the combination of an IP address and a TCP/UDP port number (a socket address), inherently identifies a specific application on a device. This contention supported the argument that Sikdar's disclosure of TCP/IP communication, which uses such addresses, inherently taught associating an application with an address.

5. Relief Requested

  • Petitioner requested institution of an inter partes review and cancellation of claims 1, 6, and 7 of Patent 9,756,079 as unpatentable under §103.